QBitArray: don't create invalid Qt 5 streams

Qt 5 streams cannot handle QBitArrays with more than INT_MAX bits, even on 64-bit platforms, because of interface constraints (size_type int). Qt 6 can, so make sure to refuse serialization of oversized QBitArrays to Qt-5-compatible streams. [ChangeLog][QtCore][QBitArray] Now refuses to stream a QBitArray with size() > INT_MAX to a Qt-5-compatible QDataStream. Pick-to: 6.6 6.5 6.2 Change-Id: I263e27bd366757c8e0360dfd337948c44d00647a Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io> (cherry picked from commit 9219e8ff1d13a7e9aeb595d60aa4b3767a8941fc) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
2024-01-27 10:38:32 +01:00 · 2024-01-27 10:38:32 +01:00 · 0985c707a9
commit 0985c707a9
parent 2cf327be82
2 changed files with 14 additions and 2 deletions
--- a/src/corelib/tools/qbitarray.cpp
+++ b/src/corelib/tools/qbitarray.cpp
@ -896,6 +896,10 @@ QDataStream &operator<<(QDataStream &out, const QBitArray &ba)
 {
    const qsizetype len = ba.size();
    if (out.version() < QDataStream::Qt_6_0) {
+        if (Q_UNLIKELY(len > qsizetype{(std::numeric_limits<qint32>::max)()})) {
+            out.setStatus(QDataStream::WriteFailed); // ### SizeLimitExceeded
+            return out;
+        }
        out << quint32(len);
    } else {
        out << quint64(len);
--- a/tests/auto/corelib/tools/qbitarray/tst_qbitarray.cpp
+++ b/tests/auto/corelib/tools/qbitarray/tst_qbitarray.cpp
@ -94,8 +94,9 @@ void tst_QBitArray::canHandleIntMaxBits()
    });

    try {
-        constexpr int Size1 = INT_MAX - 2;
-        constexpr int Size2 = Size1 + 2;
+        constexpr qsizetype Size1 = sizeof(void*) > sizeof(int) ? qsizetype(INT_MAX) + 2 :
+                                                                  INT_MAX - 2;
+        constexpr qsizetype Size2 = Size1 + 2;

        QBitArray ba(Size1, true);
        QCOMPARE(ba.size(), Size1);
@ -108,6 +109,13 @@ void tst_QBitArray::canHandleIntMaxBits()
        QCOMPARE(ba.at(Size2 - 1), false);

        QByteArray serialized;
+        if constexpr (sizeof(void*) > sizeof(int)) {
+            QDataStream ds(&serialized, QIODevice::WriteOnly);
+            ds.setVersion(QDataStream::Qt_5_15);
+            ds << ba;
+            QCOMPARE(ds.status(), QDataStream::Status::WriteFailed); // ### SizeLimitExceeded
+            serialized.clear();
+        }
        {
            QDataStream ds(&serialized, QIODevice::WriteOnly);
            ds << ba;